Skip to main content

Microsoft Security Response Center

Microsoft Security Response Center (MSRC) is a threat intelligence feed for security vulnerabilities impacting Microsoft products and services. You can use the MSRC connector to pull MSRC CVRF (Common Vulnerability Reporting Framework) monthly updates and CVE (Common Vulnerabilities and Exposures) data into the Brinqa Platform.

This document details the information you must provide for the connector to authenticate with MSRC and how to obtain that information from Microsoft. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Microsoft Security Response Center from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate MSRC with Brinqa:

  • API URL: The MSRC API URL. The default URL is https://api.msrc.microsoft.com.

  • API version: The year of the MSRC API version. The default API version is 2024.

Types of data to retrieve

The MSRC connector can retrieve the following types of data from the MSRC API:

Table 1: Data retrieved from MSRC

Connector ObjectRequiredMaps to Data Model
ProductNoNot mapped
Security BulletinYesSecurity Advisory
Security UpdateYesVulnerability Definition
info

The MSRC connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from MSRC in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Security Bulletin

Table 2: Security Bulletin attribute mappings

Source Field NameMaps to Attribute
ALIASLocal variable
ISSUING_AUTHORITYLocal variable
LAST_UPDATEDsourceLastModified
RELEASE_DATEpublishedDate
RELEASE_NOTESdescription
SYS_IDuid
TITLEname
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).

Security Update

Table 3: Security Update attribute mappings

Source Field NameMaps to Attribute
ARTICLELocal variable
BULLETIN_IDLocal variable
CVE_IDcveIds, cveRecords
CVSS_BASE_SCOREUse CVSS calculator
CVSS_TEMPORAL_SCOREUse CVSS calculator
CVSS_VECTORUse CVSS calculator
DESCRIPTIONdescription
DOSLocal variable
EXPLOITEDexploitability
FAQLocal variable
IMPACTLocal variable
LAST_REVISEDsourceLastModified
LINKSreferences
LATEST_SOFTWARE_RELEASELocal variable
OLDER_SOFTWARE_RELEASELocal variable
PRODUCT_IDaffected
PUBLICLY_DISCLOSEDLocal variable
PUBLISHEDpublishedDate, sourceCreatedDate
SEVERITYseverity
SUPERSEDESLocal variable
SYS_IDuid
TITLEname
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).

Use CVSS calculator indicates that the CVSS (Common Vulnerability Scoring System) vectors and scores aren't directly mapped to a specific attribute on the UDM. Instead, a specialized library calculates the CVSS scores from the provided CVSS vector strings.

APIs

The MSRC connector uses the MSRC CVRF API. Specifically, it uses the following endpoints:

Table 4: MSRC API Endpoints

Connector ObjectAPI Endpoints
Product/cvrf/{updateID}
/updates
Security Bulletin/cvrf/{updateID}
/updates
Security Update/cvrf/{updateID}
/updates
info

For additional information about the specific API endpoints, please see the MSRC CVRF API Swagger JSON.

For additional information on Microsoft security updates, please see the Microsoft Security Update Guide.

Changelog

The MSRC connector has undergone the following changes:

3.4.5

  • No change.

3.4.4

  • No change.

3.4.3

  • No change.

3.4.2

  • No change.

3.4.1

  • No change.

3.4.0

  • No change.

3.3.9

  • No change.

3.3.8

  • No change.

3.1.18